Sniffing Out Illicit BitTorrent Files

A new tool promises to detect illegal files without slowing network traffic.

A new technique has been developed for detecting and tracking illegal content transferred using the BitTorrent file-trading protocol. According to its creators, the approach can monitor networks without interrupting the flow of data and provides investigators with hard evidence of illicit file transfers.

Contraband files might include pirated movies, music, or software. When the tool detects such a file, it keeps a record of the network addresses involved for later analysis, says Major Karl Schrader, who led the work at the Air Force Institute of Technology, in Kettering, OH.

The use of peer-to-peer (P2P) software and of the BitTorrent protocol in particular have increased steadily over recent years. In fact, for many Internet service providers (ISPs), the vast majority of Internet traffic now consists of P2P transfers.

On the other hand, tracking user traffic can be seen as invasion of privacy. and In some countries are prohibited by law.

Another difficulty to the successful implementation of the project may be the need to create a large amount of hashes relevant to detect the illicit transfer in real time. But all this is meaningless if the Bit Torrent-traffic between the peers will be encrypted. Currently 25% of the total amount of data transmitted over the protocol Bit Torrent is encrypted.